Information security practices and experiences in small businesses
暂无分享,去创建一个
The purpose of this research was to characterize the practices, experiences, and concerns of small businesses regarding information security. As the global economy continues to embrace the marketplace of ideas, concern with how information security is practiced at every juncture is rising. Over the past decade, there have been many attempts to characterize the practices and experiences of businesses with regards to information security. Unfortunately, many of these surveys suffer from biases that make them unusable for generalizing the common state of practice or concern. In addition to flaws in methodology or weaknesses in design, the state of research has ignored the small business community, which is a critical sector in both the global economy and the economy of the United States.
The method used for this research was a descriptive study using a questionnaire as primary instrument of data collection. Questionnaires were distributed in the first quarter of the year 2000 to 741 businesses nationwide. Of those, 209 small businesses responded by July 2000. Based on those responses, this research describes small business use of information security related management tools and technology tools. It also describes the level of importance accorded different information classes by small business, reported experiences over the previous twelve months, and level of concern for potential problem areas related to information security. The results are compared to fourteen other survey results as well as described on their own.
The findings indicate that the current state of information security practice in small business is fairly spotty. Low percentages of respondents report using even common technologies, with the exception of anti-virus software and password protection on systems. Low percentages of respondents also report having experienced information security related problems. Anecdotal evidence combined with the low rates of technology usage implies that the lack of problems may be related to a lack of ability to notice problems in a highly technical area. Further research is required to identify and explain why small businesses adopt some management tools but not others, why they use some technologies but not others, and how their experience base affects how they operate.
[1] P. Diehl. Research Methods for Business and Management , 1992 .
[2] John D. Howard,et al. An analysis of security incidents on the Internet 1989-1995 , 1998 .
[3] C. Tapper. Computer crime. , 1981, The Medico-legal journal.
[4] R. Wigand,et al. Electronic Markets and Virtual Value Chains on the Information Superhighway , 1995 .